Dynamic binary instrumentation (DBI) techniques allow for monitoring and possibly altering the execution of a running program up to the instruction-level granularity. The ease of use and flexibility of DBI primitives have made them popular in a large body of research in different domains, including software security. Lately, the suitability of DBI for security has been questioned in light of transparency concerns from artifacts that popular frameworks introduce in the execution: while they do not perturb benign programs, a dedicated adversary may detect their presence and defeat the analysis. The contributions we provide are two-fold. We first present the abstraction and inner workings of DBI frameworks, how DBI assisted prominent security research works, and alternative solutions. We then dive into the DBI evasion and escape problems, discussing attack surfaces, transparency concerns, and possible mitigations. We make available to the community a library of detection patterns and stopgap measures that could be of interest to DBI users.

SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed) / D'Elia, DANIELE CONO; Coppa, Emilio; Nicchi, Simone; Palmaro, Federico; Cavallaro, Lorenzo. - (2019), pp. 15-27. (Paper presented at the 14th ACM ASIA Conference on Computer and Communications Security, held in Auckland; New Zealand) [10.1145/3321705.3329819].

SoK: Using Dynamic Binary Instrumentation for Security (And How You May Get Caught Red Handed)

Daniele Cono D'Elia (first author); Emilio Coppa; Simone Nicchi
2019

14th ACM ASIA Conference on Computer and Communications Security
Dynamic binary instrumentation; dynamic binary translation; interposition; transparent monitoring; evasion; escape
04 Publication in conference proceedings::04b Conference paper in volume
Files attached to this item

DElia_Postprint_SoK_2019.pdf
Open access
Note: https://dl.acm.org/citation.cfm?doid=3321705.3329819
Type: Post-print document (version following peer review and accepted for publication)
License: All rights reserved
Size: 503.13 kB
Format: Adobe PDF

DElia_SoK_2019.pdf
Archive managers only
Type: Publisher's version (version published with the publisher's layout)
License: All rights reserved
Size: 1.04 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1282946
Citations
  • PMC N/A
  • Scopus 41
  • ISI 26